Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
humt
Participant

SSL enable websites not opening

Appliance is 730 and fw is 70.20.87.  I have enable the SSL inspection but the problem is some websites are not open such as https:\\support[.]kaspersky[.]com . I have created a ticket there also but the issue is still there. Even i have try to bypass it. But still not get success. Even CP support is trying but not get success yet. They are searching for more. It works with HTTPS categorization but not with SSL inspection.

 

This command run but no sucess yet. If some one knows , how to solve it. Please let me know asap.

 

 

ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_ACCEPT_ECDHE 1
ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_PROPOSE_ECDHE 1
ckp_regedit -a SOFTWARE//CheckPoint//FW1 CPTLS_EC_P384 1

 

 

 

 

 

Another issue-

z1.png

And there are some websites which are showing not secure such as google.com etc. This issue is same in SSL only. At the time of opening, its shows secure but after 10-30minutes start showing not secure.  This issue is with some websites only specially with internal pages.

z2.png

 

 

 

 

6 Replies
PhoneBoy
Admin
Admin

This is an SMB appliance so the regedit commands you mention won't work.
Precise error messages you're experiencing when you are trying to access this site would helpful.
Also if you're trying to configure a bypass for HTTPS Inspection it needs to be configured according to what the CN of the site certificate says, which may be different from the URL you use to access the site.
0 Kudos
humt
Participant

Well one issue resolved but in case Certificate issue. CP support told the same issue is there side also and saying the issue is from Website not from us. But i can see that issue occur with many websites. Connection Not secure having issue with many websites. This issue is occurring when i am enable the SSL inspection.

 

 

z5.png

PhoneBoy
Admin
Admin

Have you installed the CA certificate on your local PC?
humt
Participant

Yes but still same issue.

0 Kudos
PhoneBoy
Admin
Admin

Can you show what the certificate for the website looks like?
0 Kudos
PhoneBoy
Admin
Admin

It looks like HTTPS Inspection is configured correctly on the gateway as the certificate presented in the browser per your PM.
However, the fact you are receiving errors means you have:

  • Not imported the CA key from the SMB device into the Certificate Store for your OS and/or Browser
  • Marked the CA key from your SMB device key as trusted

Until you do this correctly on the end user device, you will continue to receive these errors.
Refer to your OS/browser manufacturer for instructions on how to import (and trust) a new CA key.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events